Universiti Teknologi MARA. Vulnerability Analysis on the Nenvork Security by Using Nessus

Transcription

1

2

3 Universiti Teknologi MARA Vulnerability Analysis on the Nenvork Security by Using Nessus Firkhan Ali b. Hamid Ali l\1scit September 2004

4 U niversiti Teknologi MARA Vulnerability Analysis on the Network Security by Using N essus Firkhan Ali b. Hamid Ali (Bachelor of Computer Science (Hons) UPI\1) Independent study repoli is submitted in partial fulfillment of the requirements for the degree of Master of Science in Information Technology Faculty of Information Technology and Quantitative Sciences September 2004

5 ACKNOWLEDGEMENTS The great of praise is to Allah S.W.T for giving me the opportunity, time and eff0l1 to complete in this independent study repoli. Then, I really hope that it will contribute to the continuously knowledge in the f~uture. I want to express my deep appreciation to my supervisor, En. Abdul Hamid Othman that had gave me a good supervision, valuable of guidance and supp0l1 to complete this study. I am deeply indebted to En. Miswan Surip for his outstanding contribution that gives me pennission to done this study at FTMM, KUiTTHO and including all the staffs of FTMM, KUiTTHO for their co-operation. I am really appreciate the role that all lecturers of the Masters program especially A.P Dr. Isa Samat for their effoli, dedication and support in sharing the knowledge and experiences in the field ofit. lowe a great debt of gratitude to my mum, Rahmah Talib for her prays, advices and suppoli along the way in my life. Thanks a lot to my father in law, Monhadi and mother in law, Kasini for supporting me along this study. Lastly, I want to express my deep appreciation for the supp0l1, understanding and encouragement of my beloved wife, Norsalina Monhadi and two of our cute kids, Fatihah Insyirah and Muhammad AI-Fatih. Thanks a lot to all the contributors. 11

6 TABLE OF CONTENTS CONTENTS PAGE TITLE PAGE ACKNOWLEDGEMENTS TABLE OF CONTENTS LIST OF TABLES LIST OF FIGURES LIST OF ABBREVIATIONS ABSTRACT 11 lll-vi VII Vlll IX X CHAPTER 1 PROJECT BACKGROUND 1.1 Introduction Significances of Study Aims Objectives Scopes of Work Project Approach and Methodology Work Flow Project Plan Limitation Summary 2..,.) CHAPTER 2 LITERATURE REVIEW 2.1 Introduction 2.2 Network Management Functional Areas in Network Management III

7 2.2.2 The Network Management Services Area Network Security Network Security Attacks Network Security Service Network Security Model Networking in Linux Layered Network Models TCP/IP Networking Network Protocol TCP/IP Protocols Network Security Assessment Penetration Testing Security Audits Vulnerability Assessment Intrusion in Network Security Discovery Enumeration Vulnerability Mapping Exploitation Vulnerability Scanning Tools Nessus CHAPTER 3 PROJECT APPROACH AND METHODOLOGY 3.1 Introduction.:l._ " ') Background.:l ".:l " Methodology Discovery Vulnerability Scanning IV

8 Vulnerability Analysis Summary CHAPTER 4 RESULTS AND ANALYSIS Introduction Background Results Analysis Type of Vulnerability by Nessus Types of Possible Attacker Types of Possible Security Compromises Exposed of System Component The Best of Network Security Practices Summary CHAPTER 5 CONCLUSION AND RECOMMENDATIONS 5.1 Introduction 5.2 Recommendation 5.3 Conclusion BIBLIOGRAFI APPENDICES Appendix A - List of Available Hosts Appendix B - Network Topology of FTMM Appendix C - Vulnerability Scanning Process by Nessus v

9 Appendix D - General Vulnerability Rep0l1 That Generate by Nessus Appendix E - Vulnerability Report on the One of the Selected Host Appendix F - List of Ness us Plug-ins Family Appendix G - List of Existing 47 Types of Vulnerability VI

10 LIST OF TABLES Table 1.1: Working Schedule Table 2.1: The Layers of OSI Network Model Figure 2.2: The Layers of TCP/IP Network Model Figure 2.3: The Protocols/Network Components in TCP/IP Table 2.4: MTUs "s. Network Layer Table 2.5: Network Protocol in TCP/IP Layer 5 Table 2.6: Network Protocol in TCP/IP Layer 2-4 Table 4.1 : Types of Possible Attacker Table 4.2: Types of Security Compromises Table 4.3: Types of Component that Located Vulnerability ", -' " 0_"'1 84 \.1\

11 LIST OF FIGURES Figure 1.1: Project's woddlow Figure 2.1: Functional Areas of Network Management Figure 2.2: Types of Flow in Netwo, k Attacks Figure 2.3: Network Security Model Figure 3.1: Steps in Vulnerability Analysis hy Nessus Figure 4.1: Available Selected Hosts Figure 4.2: Level of Security Risks Figure 4.3: The Most Dangerous Sen'ices on the Network Figure 4.4: The Most Present Se, vices on the Network Figure 4.5: The Most Dangerous Host Figure 4.6: Number of Security Holes by Hosts Figure 4.7: Level of Security Risks on Host OO.OO.e2.7S.2.. Ue Figure 4.8: List of Open Ports inside the Host Figure 4.9: Detail on One of the Vulnerability inside the Host Figure 4.10: Detail on One of the Warning inside the Host Figure 4.11: Detail on One of the Information inside the I-lost I~ 19 ~-I 66 7~ () ~() \'lj J

12 A TM CSU/DSU DoS HTML HV AC IMAP ISDN ISO UDP OSI NOC NOS PDU PBX RFC RPC SATAN SNMP PC UPS Asynchronous Transfer mode Channel Service Unit/Data Service Unit Denial of Service Hypertext Markup Language Heating, Ventilation and Air Conditioning Internet Message Access Protocol Integrated Services Digital Network International Organization for Standards User Datagram Protocol Open System Interconnection Network Operating Center Network Operating System Protocol Data Unit Public Branch Exchange Request For Comments Remote Procedure Call Security Administrator Tool for Analyzing Network Simple Network Management Protocol Personal Computer UnintelTuptible power Supply IX

13 ABSTRACT Exploitation by attackers whose have breached the network security of some of the world's most venerable institutions and organization had become increased every year including in Faculty of Infon11ation Technology and Multimedia (FTivIM). Kolej Universiti Teknology Tun Huessein Onn (KUiTTHO). Within this type of attention, network security has gone from the as an extra services to the main services in a relatively short period in FTMM. The main purpose is to mitigate security risk and assure that their FTMM's digital assets are in safe and digital environment is become a better condition to the staffs and students. Vulnerability analysis activities can help to identif~y the weaknesses and vulnerabilities in the computer network system at FTMM to prevent the attacks against it by the hackers or crackers. The idea is, done vulnerability analysis by using vulnerability scanning tools. Nessus to identify and fix these weaknesses or vulnerabilities before the attackers use them against the FTMM computer network system.

14 CHAPTER 1 PROJECT BACKGROUND 1.1 Introduction Today, world have face very dangerous threats of cyber crime in the digital environment from a person to a big company like Yahoo, Amazon and etc. The most important is finding the way that it happens and how to protect and solve it. On January 2004, Malaysian Computer Emergency Response Team or MyCERT had reported inside their web site about 157 websites in Malaysia had been hacking and exploit. This incident involved many organization websites including private sector and government. This is the latest incident that happens in Malaysia in several months ago. According to the MyCERT, the last issue on this incident is happening because of two main reasons. Firstly is level of the network security awareness among web masters or system administrators are very low. Secondly, the knowledge of the 'vvebmasters or system administrators is very low. They didn't make any security's assessment and evaluation to ensure the security on their network and systems are in the best condition. Network Security analysis including vulnerability analysis is a chore that many system and network administrators tend to neglect. In today's IT climate of belt tightening, most of the system administrators have a mandate from the companies or organization to do

15 more with fewer resources. Proactive security measures are often low on management's list of priorities especially in Malaysia's organizations until some attacks had done and breach into one of the servers or network According to the scenano and problem above, this project will make a study in vulnerability analysis on the network security by using open source's vulnerability scanning tools, Nessus at Faculty of Infol111ation Technology and Multimedia (FTMM), Kolej Univesiti Teknologi Tun Hussein Onn (KUiTTHO). This effort can be the best way and impoliant things in addressing to this issue. So, this repoli will provide an analysis of the vulnerabilities that make weaknesses on the computer network system in FTMM by using most popular open source tools, Nessus. The result of this analysis will provide including statistic of the types of vulnerabilities, possible attackers, possible infol111ation or data loss that will make weaknesses on the network and the suggestion of best steps or action should be taken to addressing the vulnerabilities that will find in the FTMM's network. 1.2 Significance of Study FTMM will be able to use the result of this vulnerability analysis study on the network security to improve the network security in FTMM, KUiTTHO. Doing this study in FTMM will enhance awareness to done network security assessment and ability of usage open source network security tools. 2

16 1.3 Aims This paper is aim to highlight the critical issues on the security vulnerabilities that make weaknesses on the computer network system in FTMM, Kolej Universiti Teknologi Tun Hussein Onn (KUiTTHO). 1.4 Objectives 1. To scan the network security vulnerabilities and weaknesses by using open source tools, Nessus. 2. To analysis and identify overall of the network security's vulnerabilities that make weaknesses in the network including the general action should be taken on it. 1.5 Scopes of Work As the time allocated for this study is more or less four months, it is essential to outline the scopes of works so that it will work as promised. This study of vulnerability analysis on the network security in FTMM will highlight with this three main things. Firstly is done the vulnerability scanning on the network at FTMM by using open source tools. Secondly is overcome with the possible exploits and vulnerabilities in the computer network from the result of the scanning. Then, the analysis on the vulnerabilities from the

17 vulnerability scanning result will do. Lastly are the recommendations and suggestions to improve the network security according to analysis of the vulnerabilities. Clearly, this study will be implemented to the selected host in range of IP addresses in cel1ain of subnet computer network system in FTMM. 1.6 Project Approach & Methodology This study will be conducted by the following tasks: - Literature review for a study and gather much infom1ation about the: - a) Network management concepts and methodology. b) Network security concept and methodology. c) Network security assessment concept, methodology and Open Source tools. Vulnerability analysis on the network security at FTMM will be conduct by using vulnerability scanning open source tools, Nessus. The steps that will cover in this analysis are discovery, vulnerability scanning and vulnerability analysis. 4

18 1.61 Work Flow START Vulnerability Scanning Vulnerability ~b.na1ysi s Suggesti ons and Recommendati ons "I}lri ting and Submi ssi on Figure 1.1: p,"ojcct's workflow 5

19 1. 7 Project Plan Table 1.1: "'or'king Schedule Yeari:,lonth I 200.+,, i ~by I June I July I August I Sept IOkt I I Planning and Proposal ~! I! I I I I Literature Search ~ i I I I I I Critical Re\'ie\\' ~:,, I I Testing :\et\\'nrk Security I ~ I I I I.\nalysis Data I ~ I I I, Recom mendat i on and : I I Suggestil)n I I I I \\'riting Dissertation I I I ~ I I I> 1.S Limitation The Yast limitation in doing this project IS 111 term of its time. So. to cope with time limitation. this stud\" \\"otiid only done niinerability analysis for network security en\'ironment to the selected host in range of I P addresses in certain subnet computer net\\ork system in FT\I:',1. 6

20 1.9 Summary This is very though time for Malaysian organization including FTMM, KUiTTHO to face too many issues in the nenvork security according to the news and statistic that had provided by MyCERT. All these things will be caused rct facilities will be in damage and slow the process or usable use. This will be effect the quality and quantity of the productions for the organization and the business strategy for that organization is become fail. This network security's problem is critical to many of the organization in Malaysia but analyzing it is a daunting if not impossible task. The solution is make security's assessment including this vulnerability analysis into the network system and the reporting according to the analysis must be consolidates the event data. Then, correlates that data into simplify, meaningful information that is easily understand by the many departments or staffs that need to access it. The intent of this study is to provide useful tips and guidelines from the report of the vulnerability analysis to manage and minimize the vulnerabilities that make penetrations and possible attacks in the computer network system at FTMM, KUiTTHO. The risks or weaknesses from this report like a possible exploit, vulnerabilities or penetration are the potential of the computer network system attacks. In addressing this risks of vulnerabilities, it's need to converge upon a core process for managing network security vulnerabilities by discovering all the network security aspects. 7

21 Then, do scanning these discovered assets over the network system for yulner3bilities. After that, do reporting and prioritizing these vulnerabilities that make the we3knesses on the network. Then, make the suggestions to solve on all these \ ulnerabilities th3t h3d found and its can become dangerous penetrations and attacks to the affected systems. Done the right actions according to the suggestions that we had make from the report to prevent the existing vulnerabilities in the network exploit by the attackers. 8

22 CHAPTER 2 LITERATURE REVIEW 2.1 Introduction Network management is more important things in the network computer system that will provide efficiency and effectiveness use of network. It has several functions including security part that will apply in any type of network topology Network security is become first and very important criteria in any using of devices. system or to make any decision that regarding to the information system. There is because of more systems and computers are interconnected each other for easing to access by authorized users. Then, to detect, protect and react from the threats and intruders. the network security assessment is important thing that need to be done in the organization. So. the testing and analysis in the network security by using network security tools can be done. It has three types of testing and analysis in the network security that includes: - a. Penetration testing. b. Vulnerability Assessment. c. Audit. 9

23 There are many of open source vulnerability scanning tools that available on the Internet that can be use for vulnerability assessment on the network like Nessus, SARA, SATAN and others. Then, to know whose are the attackers and what is methodology, steps and tools that they done on making an attack into the network is also important parts. This knowledge will map the ideas and steps to protect, detect react back if the network system in trouble by intrusions. Lastly, ethical and policy in the network security is more important to the human that involved in network security because it will involve in integrity, availability and confidentiality of data, inforn1ation and system. 2.2 Network Management Main role in the network management concept is keeping up and running to maximum efficiency use of network while effectively managing is growth. There are five functional areas of Network management that consist of Fault/problem management, configuration management, accounting management, perfonnance management and security management. It also known as FCAP that mean for Fault, Configuration, Accounting, Perforn1ance and Security. Then, these five functional areas will apply to 4 distinct, which are Local Area Network, Wide Area Network, ServerlNetwork Operating System and Multi-area. 10

24 2.2.1 Functional Areas in Network Management In the Network management concept to maintain keeping up and running to maximum efficiency while effectively managing is growth is very complex tasks. It has become the very though challenging in the network management processes. So, by dividing its tasks into five functional areas, the tasks of Network management processes can become easier to handle. As mention earlier before the components of this functional areas are consist as follows: - a. Fault/problem management. b. Configuration management c. Accounting management d. PerfOlmance management e. Security management. So, these of five functionalities are needed each other to perform the best computer network running especially in network security and network perfom1ance. The figure 2.1 will show the depending of all these 5 functionality in the network management as follows. 11